* Fixed authentication parameter parsing for both users and servers

* Jwt is now given over the query string as many websocket libraries make it hard to pass header parameters Parsing these values should also work fine but we'll see in time
2021-04-09 18:59:10 -07:00 · 2021-04-09 18:59:10 -07:00 · 5df5329b6c
commit 5df5329b6c
parent 7eb81f38f2
2 changed files with 19 additions and 23 deletions
--- a/rtc-server/auth.js
+++ b/rtc-server/auth.js
@ -1,5 +1,8 @@
 const jsonwebtoken = require('jsonwebtoken')
 const fs = require('fs')
+const IncomingMessage = require('http').IncomingMessage
+const url = require('url')
+const query = require('querystring')

 const SERVER_HMAC = fs.readFileSync('wss-hmac.secret')
 const USER_HMAC = fs.readFileSync('hmac.secret')
@ -12,7 +15,6 @@ exports.verify = function(token) {
 	 * @returns 'server' on server connection
 	 * @retusn false on failure
 	 */
-	console.log('given token: ', token)
 	const vconfig = {
 		clockTolerance: 3, 
 	}
@ -30,6 +32,9 @@ exports.verify = function(token) {
 }


+/**
+ * @param {IncomingMessage} req
+ */
 exports.prepare_auth = function(req) {
 	// NOTE: Why? because setting headers from the server is completely undocumented and I've ran
 	// through basically every library under the sun I literally con't be fucked to 
@ -37,16 +42,13 @@ exports.prepare_auth = function(req) {

 	// Typical User connections are setup with authentication in the headers
 	// Requested channel is the path
-	let header_auth = req.headers['authentication'] || req.headers['jwt']
-	if(!header_auth) {
-		let path = req.url
-		let uri = '/jwt/'
-		if(req.url.startsWith(uri)) {
-			let jwt = req.url.slice(uri.length)
-			return [jwt,null]
-		}
-	}  
-	else {
-		return [header_auth, req.url]
+	const full = url.parse(req.url)
+	const path = full.pathname
+	const jwt = query.parse(full.query)['jwt']
+
+	if(!path || !jwt) {
+		return [null, null]
+	} else {
+		return [jwt, path]
 	}
 }
--- a/rtc-server/main.js
+++ b/rtc-server/main.js
@ -7,8 +7,8 @@ const server = new ws.Server({
 })

 server.on('connection', function(socket, req) {
-	let [jwt, path] = auth.prepare_auth(req)
-	let conn = auth.verify(jwt)
+	const [jwt, path] = auth.prepare_auth(req)
+	const conn = auth.verify(jwt)
 	if(conn == 'server') {
 		console.log('[WSS] New server connection')

@ -26,16 +26,10 @@ server.on('connection', function(socket, req) {
 		})

 	} else if(conn == 'user') {
-		socket.on('message', function(message) {
-			// some kind of parsing here
-			// no actual emitting to all users
-			server.clients.forEach(client => {
-				if (client !== socket && client.readyState === ws.OPEN) {
-					client.send(message)
-				}
-			})
+		console.log('[WSS] New user connection')
+		socket.on('close', function() {
+			console.log('[WSS] User connection closed')
 		})
-
 	} else {
 		console.log('[WSS] No valid auth', conn)
 		socket.close()